xz
copyparty
xz | copyparty | |
---|---|---|
24 | 6 | |
160 | 456 | |
- | - | |
9.7 | 9.7 | |
about 2 months ago | 5 days ago | |
C | Python | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xz
-
XZ backdoor story – Initial analysis
Very funny. This one:
https://github.com/tukaani-project/xz/commits?author=thesame...
- Xz: Update maintainer and author info. The other maintainer suddenly disappeared
- Thanks Andres Freud
- The xz-utils backdoor has been removed
-
The xz sshd backdoor rabbithole goes quite a bit deeper
> The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks;
The valgrind fix in 5.6.1 overwrites the same test files used in 5.6.0 instead of using the injection code's extension hooks. This is done with what should have been a highly suspicious commit: https://github.com/tukaani-project/xz/commit/6e636819e8f0703... - this replaces "random" test files with other "random" test files. The state reson is questionable to begin but not including the seed used when the the purpoted reason was to be able to re-create the files in the future is highly suspicous. This should have raised red flags bug no one was watching. I'd say this is another part of the operation that was much more sloppy than it needed to be.
-
Timeline of the xz open source attack
In https://archive.softwareheritage.org/browse/revision/e446ab7...
-
GitHub Disabled the Xz Repo
You're right, but maybe because there's nothing to see : https://github.com/tukaani-project/xz
- Xz Repository Censored by GitHub
- Backdoor in upstream xz/liblzma leading to SSH server compromise
- The Return of the Frame Pointers
copyparty
-
Python Is Portable
I tried to build a Win10 binary with Nuitka just the other day, and was surprised to find that the pyinstaller binary had higher performance. Pyinstaller also had several other advantages, such as producing smaller binaries, and building faster, and Win7 support.
For reference, I kept notes on the exact commands I used: https://github.com/9001/copyparty/blob/hovudstraum/docs/nuit...
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
indeed; it should be trivial in any language. Here's python: https://github.com/9001/copyparty/blob/a080759a03ef5c0a6b06c...
- Copyparty – Portable file server with accelerated resumable uploads, dedup
- Copyparty: File server with uploads, WebDAV, media indexer, thumbnails, etc.
- A mix of old and new music albums
- Show HN: Copyparty – file-sharing service / NAS interface
What are some alternatives?
wasmtime - A fast and secure runtime for WebAssembly
dufs - A file server that supports static serving, uploading, searching, accessing control, webdav...
libarchive - Multi-format archive and compression library
updog - Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.
stencil-golang - Template repository for Golang applications
Logistics-Station - A simple file shares implement in Python TCP socket.
tukaani-project
pyftpdlib - Extremely fast and scalable Python FTP server library
Folly - An open-source C++ library developed and used at Facebook.
freedesktop-sdk
systemd - The systemd System and Service Manager
STest - Unit testing framework for C/C++. Easy to use by simply dropping stest.c and stest.h into your project!